--- Cael Abal <[EMAIL PROTECTED]> wrote: > Excellent job finding and documenting this feature. As for the > developers' motivations, though, I don't think it's necessary to point > at colusion with the RIAA/MPAA. > > In all honesty, I'm surprised we haven't seen *more* backdoors of this > type in various popular closed-source, network-aware apps. I don't > condone it, but I understand the mentality: "Our network, our rules." > Really, all it takes is one rogue developer, coupled with insufficient > code review. > > What does surprise me is that you report only delete functionality and > not read/write. If I was going to the trouble to implement naughty > features into an app like ES5, that'd be my priority. > > All this does is reinforce the value of independent code auditing > (insert various pro-open-source comments here).
FYI, they have now uploaded a new ES5 installer. I haven't installed it but you can be pretty sure that they have removed their malicious code and will soon claim I lied all along. See my original post for the MD5 sums of the tested programs (builds 1266 and build 2180). __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
